protection

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

saurabh
Forum Newbie
Posts: 13
Joined: Fri Jun 14, 2002 5:43 am
Location: India
Contact:

protection

Post by saurabh »

Hello Everyone,

I have a webserver which runs php scripts. I wanted a php script that would ask user some details and put them in a file. This should be done in such a way that the file cannot be downloaded or opened by any outsider. So i thought of putting them in a protected folder but how will php access contents of that folder. I dont know how will php access a file of a protected folder. I you know tell me plz.
If you have any other idea as to how to go about it please help me.

Note: I dont want to encrypt file.

Thanks,
Saurabh
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

use a database....
User avatar
e+
Forum Commoner
Posts: 44
Joined: Mon Jun 17, 2002 7:07 am
Location: Essex, UK

Post by e+ »

you can use htaccess to restrict access to the folder to localhost that way scripts on the server can access it but outsiders can't.
saurabh
Forum Newbie
Posts: 13
Joined: Fri Jun 14, 2002 5:43 am
Location: India
Contact:

protection

Post by saurabh »

e+ wrote:you can use htaccess to restrict access to the folder to localhost that way scripts on the server can access it but outsiders can't.
Hello,

Can you tell me how to use htaccess thru php or whatever so that i can restrict access to folder on server and its contents can be processed and outsiders cant access it.

Thanks a lot.
Saurabh
saurabh
Forum Newbie
Posts: 13
Joined: Fri Jun 14, 2002 5:43 am
Location: India
Contact:

re: protection

Post by saurabh »

Hello,

I dont want to use a database.
I wanted to know how thru httpaccess i can access a protected folder thru php and outsiders cant download or view files in that folder.
Please help me.

Thanks,
Saurabh
User avatar
e+
Forum Commoner
Posts: 44
Joined: Mon Jun 17, 2002 7:07 am
Location: Essex, UK

Post by e+ »

put in your .htaccess file something like this
Options All
<Limit GET>
order deny,allow
deny from all
allow from http://www.mysite.com
allow from localhost
</Limit>
I don't think you need the http://www.mysite bit but I can't see it doing any harm. If you trust particular sites you can add them here as well. :wink:
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Another option might be to store the files in a folder which is below the root of your webdirectory. For example if your webpages were in mysite/public_html create a folder in mysite called secret_files so your file structure would look something like:

Code: Select all

mysite
   |____ public_html
   |          ->  website files...
   |____ secret_files
              -> files which shouldn't be accessible on the website
You'll then be able to access the files in the new folder in your code but users won't be able to get at them (easily).

Mac
saurabh
Forum Newbie
Posts: 13
Joined: Fri Jun 14, 2002 5:43 am
Location: India
Contact:

re: protection

Post by saurabh »

Hi pal,

you had suggest to use the <Limit Get> code for website so that outsiders cant access the contents. Thought it proved fine but it now dosent open other gif files or other php files in that folder.
In htaccess file i pasted code you gave me. So now it opens 1 php file there but nor it opens any gif file nor any other file.

Please help.

Thanks,
Saurabh
e+ wrote:put in your .htaccess file something like this
Options All
<Limit GET>
order deny,allow
deny from all
allow from http://www.mysite.com
allow from localhost
</Limit>
I don't think you need the http://www.mysite bit but I can't see it doing any harm. If you trust particular sites you can add them here as well. :wink:
User avatar
e+
Forum Commoner
Posts: 44
Joined: Mon Jun 17, 2002 7:07 am
Location: Essex, UK

Post by e+ »

the easiest thing to do would be to seperate the secure stuff of into a folder called secure and lock that up. Is it not possible to set your code up in this way?
saurabh
Forum Newbie
Posts: 13
Joined: Fri Jun 14, 2002 5:43 am
Location: India
Contact:

Post by saurabh »

Hi,

the following code in htaccess file thought proved fine but now it dosent allow me to run more than 1 php file or in html pages it dosent open gif images.
I have a php file that opens another php file in same folder but then it says forbidden etc. gif files also dont open. plz help.

Thanks,
Saurabh

Options All
<Limit GET>
order deny,allow
deny from all
allow from http://www.mysite.com
allow from localhost
</Limit>
saurabh
Forum Newbie
Posts: 13
Joined: Fri Jun 14, 2002 5:43 am
Location: India
Contact:

re: protection

Post by saurabh »

e+ wrote:the easiest thing to do would be to seperate the secure stuff of into a folder called secure and lock that up. Is it not possible to set your code up in this way?
Hi,

Pal creating a folder and locking that folder is what i wanted. I have a folder and in that i have the files that no one should access. but i have php scripts in that folder also that access that files. what should i write in php script outside that folder which will run php scripts inside the protected folder and do processing.

i am thankful for your help.

If you can help me.

Thanks,
Saurabh
saurabh
Forum Newbie
Posts: 13
Joined: Fri Jun 14, 2002 5:43 am
Location: India
Contact:

re:_protetion

Post by saurabh »

Hi,

Pal creating a folder and locking that folder is what i wanted. I have a folder and in that i have the files that no one should access. but i have php scripts in that folder also that access that files. what should i write in php script outside that folder which will run php scripts inside the protected folder and do processing.

i am thankful for your help.

If you can help me.

Thanks,
Saurabh
User avatar
e+
Forum Commoner
Posts: 44
Joined: Mon Jun 17, 2002 7:07 am
Location: Essex, UK

Post by e+ »

I'm getting a bit confused here but I'll have another guess at what you are wanting. By saying you have a file you are wanting to secure I am guessing it's a flat file or something with some information in you don't want people to access (such as user details etc). These files should be placed inside the secure folder and given full read write access. The php and gif files should all be outside the folder. People can't access the source of your php as the server will always parse them so as long as the php isn't set to output anything secret when you run it you are safe. Now you want to run the php as you would normally but have it call the flat files from the secure folder. It should be safe to read and write to them as it is running as localhost. This is no good for securing image files as they will be called by the users browser and not your php script (which only links to them). If you want to keep images secure (which is pretty much impossible) this isn't the method to use. Am I going in the right direction? :?
saurabh
Forum Newbie
Posts: 13
Joined: Fri Jun 14, 2002 5:43 am
Location: India
Contact:

Post by saurabh »

e+ wrote:I'm getting a bit confused here but I'll have another guess at what you are wanting. By saying you have a file you are wanting to secure I am guessing it's a flat file or something with some information in you don't want people to access (such as user details etc). These files should be placed inside the secure folder and given full read write access. The php and gif files should all be outside the folder. People can't access the source of your php as the server will always parse them so as long as the php isn't set to output anything secret when you run it you are safe. Now you want to run the php as you would normally but have it call the flat files from the secure folder. It should be safe to read and write to them as it is running as localhost. This is no good for securing image files as they will be called by the users browser and not your php script (which only links to them). If you want to keep images secure (which is pretty much impossible) this isn't the method to use. Am I going in the right direction? :?
Hi ,

Well you are right. I want a php script to modify a file (flat file) with user details. I want to keep that file in a secured folder so that anyone else dosent download or view that file. So how do i write a make script access a file that is protected. i thought of putting the scripts also in protected folder. but that not that important right now.

So can you tell me how do i make script access a file that is in a protected folder.

Thanks a lot for help.

Saurabh
User avatar
e+
Forum Commoner
Posts: 44
Joined: Mon Jun 17, 2002 7:07 am
Location: Essex, UK

Post by e+ »

If you are having trouble writing to the flatfile you might want to check the CHMOD of the file you will probably need to set it to 777. This is normally a bad thing to do but if the file is protected by being in a secure directory you should be ok. Once you have changed the CHMOD you should be able to access the file with scripts on your server without any difficulty.
Post Reply